CVE-2025-10127

Summary

Daikin Europe N.V

Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials.

Affected Software

VendorProductVersion RangeStatus
Daikin Europe N.VSecurity GatewayApp: 100, Frm: 214affected

Weaknesses

  • CWE-640: CWE-640

Workarounds

Daikin Europe N.V

has reported they will not fix this vulnerability and will respond directly to user inquiries.

For more information, contact Daikin customer support https://www.daikin.eu/en_us/customers/support.html  .

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References